Who does the GDPR apply to?
- Organizations located within the EU
- Organizations located outside of the EU if they offer goods or services to (even for free), or monitor the behavior of, EU residents
Does GDPR still apply if my organization is outside of EU?
If you offer your goods or services to or monitor the behavior of any EU residents, then you must comply with GDPR.
What type of data is considered to be personal data?
Under GDPR, the concept of “personal data” is very broad and covers any information relating to an identified or identifiable individual (also called a “data subject”), such as name, email, location, IP address, or online behavior. You can find more detailed information about the “personal data” here.
What is “Personal Data Processing”?
Personal data processing is a broadly defined term under the GDPR. It covers any operations performed on personal data with no limitation such as deleting, collecting, storing, and transferring the personal data.
What are the rights of my customers as data subjects?
GDPR lets individuals to decide what happens to their personal data. Individuals may ask your company to:
- Access, update or correct errors on their personal data
- Delete their own personal data
- Raise an objection to processing
- Restrict the personal data processing
- Obtain the personal data in a structured, commonly used and machine-readable format and transmit the data to a third party
- Withdraw the consents of the personal data processing
- Lodge a complaint to a supervisory data protection authority
Who are the data controllers and data processors under the GDPR?
Data controllers determine the purposes and conditions of the processing personal data. Data processors processes personal data on behalf of the data controllers.
What is my role if I am a data controller?
You are obligated to provide privacy notices to individuals who engage with your brands detailing how you collect and use information etc., and obtain consents if needed. If the individuals want to know what data you process or they do not want your business, you must send a notice in a reasonable time frame.
Is RMC a controller or a processor?
RMC is a data processor of your consumer data and you are the data controller.
What is the role of RMC as a data processor?
RMC acts as a data processor for the personal data that company sends as a part of our service agreement. RMC only processes the personal data in accordance with your company’s permission and instructions.
Is RMC taking steps to address GDPR compliance?
Currently, RMC has an active GDPR program. Many areas of GDPR requirements have been addressed and added to our product roadmap. RMC is committed to compliance with the General Data Protection regulation.
Does using RMC automatically make my company GDPR compliant?
Every organization must determine the GDPR status by themselves. RMC cannot provide a direct guidance or make assertions about your GDPR compliance.
What is a Data Processing Agreement (DPA)?
GDPR requires the data controllers to sign an agreement with anyone who handles the data. Data processing agreement is an agreement between RMC and the customers. The agreement clarifies rights and obligations of both parties under the GDPR.
Will RMC enter into a DPA with me?
Yes, we are working on our DPA available, and it will be published soon on our webpage so that our customers can be confident that their data is processed in compliance with the General Data Protection Regulation.
Does RMC work with any sub-processors?
Yes, the complete list of current sub-processors are published on our website.
How to Contact Us?
Address: Maslak Mah. Büyükdere Cd. No:249 Sarıyer – Istanbul/Turkey